diff --git a/README.md b/README.md
index a298206..ed4282f 100644
--- a/README.md
+++ b/README.md
@@ -381,13 +381,13 @@ module "eventbridge" {
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.0 |
-| [aws](#requirement\_aws) | >= 5.53 |
+| [aws](#requirement\_aws) | >= 5.61 |
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 5.53 |
+| [aws](#provider\_aws) | >= 5.61 |
## Modules
@@ -507,6 +507,7 @@ No modules.
| [event\_source\_name](#input\_event\_source\_name) | The partner event source that the new event bus will be matched with. Must match name. | `string` | `null` | no |
| [kinesis\_firehose\_target\_arns](#input\_kinesis\_firehose\_target\_arns) | The Amazon Resource Name (ARN) of the Kinesis Firehose Delivery Streams you want to use as EventBridge targets | `list(string)` | `[]` | no |
| [kinesis\_target\_arns](#input\_kinesis\_target\_arns) | The Amazon Resource Name (ARN) of the Kinesis Streams you want to use as EventBridge targets | `list(string)` | `[]` | no |
+| [kms\_key\_identifier](#input\_kms\_key\_identifier) | The identifier of the AWS KMS customer managed key for EventBridge to use, if you choose to use a customer managed key to encrypt events on this event bus. The identifier can be the key Amazon Resource Name (ARN), KeyId, key alias, or key alias ARN. | `string` | `null` | no |
| [lambda\_target\_arns](#input\_lambda\_target\_arns) | The Amazon Resource Name (ARN) of the Lambda Functions you want to use as EventBridge targets | `list(string)` | `[]` | no |
| [number\_of\_policies](#input\_number\_of\_policies) | Number of policies to attach to IAM role | `number` | `0` | no |
| [number\_of\_policy\_jsons](#input\_number\_of\_policy\_jsons) | Number of policies JSON to attach to IAM role | `number` | `0` | no |
diff --git a/examples/api-gateway-event-source/README.md b/examples/api-gateway-event-source/README.md
index 35e123c..77cce1d 100644
--- a/examples/api-gateway-event-source/README.md
+++ b/examples/api-gateway-event-source/README.md
@@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.0 |
-| [aws](#requirement\_aws) | >= 5.53 |
+| [aws](#requirement\_aws) | >= 5.61 |
| [random](#requirement\_random) | >= 3.0 |
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 5.53 |
+| [aws](#provider\_aws) | >= 5.61 |
| [random](#provider\_random) | >= 3.0 |
## Modules
diff --git a/examples/api-gateway-event-source/versions.tf b/examples/api-gateway-event-source/versions.tf
index 894f875..67389a7 100644
--- a/examples/api-gateway-event-source/versions.tf
+++ b/examples/api-gateway-event-source/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 5.53"
+ version = ">= 5.61"
}
random = {
source = "hashicorp/random"
diff --git a/examples/complete/README.md b/examples/complete/README.md
index 049053c..e547049 100644
--- a/examples/complete/README.md
+++ b/examples/complete/README.md
@@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.0 |
-| [aws](#requirement\_aws) | >= 5.53 |
+| [aws](#requirement\_aws) | >= 5.61 |
| [null](#requirement\_null) | >= 2.0 |
| [random](#requirement\_random) | >= 3.0 |
@@ -28,7 +28,7 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 5.53 |
+| [aws](#provider\_aws) | >= 5.61 |
| [null](#provider\_null) | >= 2.0 |
| [random](#provider\_random) | >= 3.0 |
diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf
index 4399f30..acc1d34 100644
--- a/examples/complete/versions.tf
+++ b/examples/complete/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 5.53"
+ version = ">= 5.61"
}
random = {
source = "hashicorp/random"
diff --git a/examples/default-bus/README.md b/examples/default-bus/README.md
index 055086b..244b424 100644
--- a/examples/default-bus/README.md
+++ b/examples/default-bus/README.md
@@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.0 |
-| [aws](#requirement\_aws) | >= 5.53 |
+| [aws](#requirement\_aws) | >= 5.61 |
| [random](#requirement\_random) | >= 3.0 |
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 5.53 |
+| [aws](#provider\_aws) | >= 5.61 |
| [random](#provider\_random) | >= 3.0 |
## Modules
diff --git a/examples/default-bus/versions.tf b/examples/default-bus/versions.tf
index 894f875..67389a7 100644
--- a/examples/default-bus/versions.tf
+++ b/examples/default-bus/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 5.53"
+ version = ">= 5.61"
}
random = {
source = "hashicorp/random"
diff --git a/examples/with-api-destination/README.md b/examples/with-api-destination/README.md
index b9ee290..df1ae1e 100644
--- a/examples/with-api-destination/README.md
+++ b/examples/with-api-destination/README.md
@@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.0 |
-| [aws](#requirement\_aws) | >= 5.53 |
+| [aws](#requirement\_aws) | >= 5.61 |
| [random](#requirement\_random) | >= 3.0 |
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 5.53 |
+| [aws](#provider\_aws) | >= 5.61 |
| [random](#provider\_random) | >= 3.0 |
## Modules
diff --git a/examples/with-api-destination/versions.tf b/examples/with-api-destination/versions.tf
index 894f875..67389a7 100644
--- a/examples/with-api-destination/versions.tf
+++ b/examples/with-api-destination/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 5.53"
+ version = ">= 5.61"
}
random = {
source = "hashicorp/random"
diff --git a/examples/with-archive/README.md b/examples/with-archive/README.md
index b7e62ed..2bc163c 100644
--- a/examples/with-archive/README.md
+++ b/examples/with-archive/README.md
@@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.0 |
-| [aws](#requirement\_aws) | >= 5.53 |
+| [aws](#requirement\_aws) | >= 5.61 |
| [random](#requirement\_random) | >= 3.0 |
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 5.53 |
+| [aws](#provider\_aws) | >= 5.61 |
| [random](#provider\_random) | >= 3.0 |
## Modules
diff --git a/examples/with-archive/versions.tf b/examples/with-archive/versions.tf
index 894f875..67389a7 100644
--- a/examples/with-archive/versions.tf
+++ b/examples/with-archive/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 5.53"
+ version = ">= 5.61"
}
random = {
source = "hashicorp/random"
diff --git a/examples/with-ecs-scheduling/README.md b/examples/with-ecs-scheduling/README.md
index dfa27c8..8abac4d 100644
--- a/examples/with-ecs-scheduling/README.md
+++ b/examples/with-ecs-scheduling/README.md
@@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.0 |
-| [aws](#requirement\_aws) | >= 5.53 |
+| [aws](#requirement\_aws) | >= 5.61 |
| [random](#requirement\_random) | >= 3.0 |
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 5.53 |
+| [aws](#provider\_aws) | >= 5.61 |
| [random](#provider\_random) | >= 3.0 |
## Modules
diff --git a/examples/with-ecs-scheduling/versions.tf b/examples/with-ecs-scheduling/versions.tf
index 894f875..67389a7 100644
--- a/examples/with-ecs-scheduling/versions.tf
+++ b/examples/with-ecs-scheduling/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 5.53"
+ version = ">= 5.61"
}
random = {
source = "hashicorp/random"
diff --git a/examples/with-lambda-scheduling/README.md b/examples/with-lambda-scheduling/README.md
index 1b89d06..11d5994 100644
--- a/examples/with-lambda-scheduling/README.md
+++ b/examples/with-lambda-scheduling/README.md
@@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.0 |
-| [aws](#requirement\_aws) | >= 5.53 |
+| [aws](#requirement\_aws) | >= 5.61 |
| [null](#requirement\_null) | >= 2.0 |
| [random](#requirement\_random) | >= 3.0 |
diff --git a/examples/with-lambda-scheduling/versions.tf b/examples/with-lambda-scheduling/versions.tf
index 4399f30..acc1d34 100644
--- a/examples/with-lambda-scheduling/versions.tf
+++ b/examples/with-lambda-scheduling/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 5.53"
+ version = ">= 5.61"
}
random = {
source = "hashicorp/random"
diff --git a/examples/with-permissions/README.md b/examples/with-permissions/README.md
index a78699c..09f9d7b 100644
--- a/examples/with-permissions/README.md
+++ b/examples/with-permissions/README.md
@@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.0 |
-| [aws](#requirement\_aws) | >= 5.53 |
+| [aws](#requirement\_aws) | >= 5.61 |
| [random](#requirement\_random) | >= 3.0 |
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 5.53 |
+| [aws](#provider\_aws) | >= 5.61 |
| [random](#provider\_random) | >= 3.0 |
## Modules
diff --git a/examples/with-permissions/versions.tf b/examples/with-permissions/versions.tf
index 894f875..67389a7 100644
--- a/examples/with-permissions/versions.tf
+++ b/examples/with-permissions/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 5.53"
+ version = ">= 5.61"
}
random = {
source = "hashicorp/random"
diff --git a/examples/with-pipes/README.md b/examples/with-pipes/README.md
index c940d6f..dfdf2ed 100644
--- a/examples/with-pipes/README.md
+++ b/examples/with-pipes/README.md
@@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.0 |
-| [aws](#requirement\_aws) | >= 5.53 |
+| [aws](#requirement\_aws) | >= 5.61 |
| [null](#requirement\_null) | >= 2.0 |
| [random](#requirement\_random) | >= 3.0 |
@@ -28,7 +28,7 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 5.53 |
+| [aws](#provider\_aws) | >= 5.61 |
| [null](#provider\_null) | >= 2.0 |
| [random](#provider\_random) | >= 3.0 |
@@ -39,6 +39,7 @@ Note that this example may create resources which cost money. Run `terraform des
| [eventbridge](#module\_eventbridge) | ../../ | n/a |
| [firehose\_to\_s3](#module\_firehose\_to\_s3) | terraform-aws-modules/iam/aws//modules/iam-assumable-role | ~> 5.0 |
| [firehose\_to\_s3\_policy](#module\_firehose\_to\_s3\_policy) | terraform-aws-modules/iam/aws//modules/iam-policy | ~> 5.0 |
+| [kms](#module\_kms) | terraform-aws-modules/kms/aws | ~> 2.0 |
| [lambda\_target](#module\_lambda\_target) | terraform-aws-modules/lambda/aws | ~> 6.0 |
| [logs\_bucket](#module\_logs\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 4.0 |
| [step\_function\_target](#module\_step\_function\_target) | terraform-aws-modules/step-functions/aws | ~> 2.0 |
@@ -66,6 +67,7 @@ Note that this example may create resources which cost money. Run `terraform des
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_iam_policy_document.assume_role_pipe](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.firehose_to_s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
## Inputs
diff --git a/examples/with-pipes/main.tf b/examples/with-pipes/main.tf
index 4be2c38..598fb38 100644
--- a/examples/with-pipes/main.tf
+++ b/examples/with-pipes/main.tf
@@ -8,12 +8,14 @@ provider "aws" {
}
data "aws_caller_identity" "current" {}
+data "aws_region" "current" {}
module "eventbridge" {
source = "../../"
- create_bus = true
- bus_name = "example"
+ create_bus = true
+ bus_name = "example"
+ kms_key_identifier = module.kms.key_arn
create_api_destinations = true
create_connections = true
@@ -104,7 +106,8 @@ module "eventbridge" {
}
log_configuration = {
- level = "TRACE"
+ level = "TRACE"
+ include_execution_data = ["ALL"]
cloudwatch_logs_log_destination = {
log_group_arn = aws_cloudwatch_log_group.logs.arn
}
@@ -575,3 +578,48 @@ data "aws_iam_policy_document" "firehose_to_s3" {
]
}
}
+
+module "kms" {
+ source = "terraform-aws-modules/kms/aws"
+ version = "~> 2.0"
+ description = "KMS key for cross region automated backups replication"
+
+ # Aliases
+ aliases = ["test"]
+ aliases_use_name_prefix = true
+ key_statements = [
+ {
+ sid = "Allow eventbridge"
+ principals = [
+ {
+ type = "Service"
+ identifiers = ["events.amazonaws.com"]
+ }
+ ]
+ actions = [
+ "kms:DescribeKey",
+ "kms:GenerateDataKey",
+ "kms:Decrypt"
+ ]
+ resources = ["*"]
+ conditions = [
+ {
+ test = "StringEquals"
+ variable = "kms:EncryptionContext:aws:events:event-bus:arn"
+ values = [
+ "arn:aws:events:${data.aws_region.current.id}:${data.aws_caller_identity.current.account_id}:event-bus/example",
+ ]
+ },
+ {
+ test = "StringEquals"
+ variable = "aws:SourceArn"
+ values = [
+ "arn:aws:events:${data.aws_region.current.id}:${data.aws_caller_identity.current.account_id}:event-bus/example",
+ ]
+ }
+ ]
+ }
+ ]
+
+ key_owners = [data.aws_caller_identity.current.arn]
+}
diff --git a/examples/with-pipes/versions.tf b/examples/with-pipes/versions.tf
index 4399f30..acc1d34 100644
--- a/examples/with-pipes/versions.tf
+++ b/examples/with-pipes/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 5.53"
+ version = ">= 5.61"
}
random = {
source = "hashicorp/random"
diff --git a/examples/with-schedules/README.md b/examples/with-schedules/README.md
index 778a095..54d63fe 100644
--- a/examples/with-schedules/README.md
+++ b/examples/with-schedules/README.md
@@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.0 |
-| [aws](#requirement\_aws) | >= 5.53 |
+| [aws](#requirement\_aws) | >= 5.61 |
| [null](#requirement\_null) | >= 2.0 |
| [random](#requirement\_random) | >= 3.0 |
@@ -28,7 +28,7 @@ Note that this example may create resources which cost money. Run `terraform des
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 5.53 |
+| [aws](#provider\_aws) | >= 5.61 |
| [null](#provider\_null) | >= 2.0 |
| [random](#provider\_random) | >= 3.0 |
diff --git a/examples/with-schedules/versions.tf b/examples/with-schedules/versions.tf
index 4399f30..acc1d34 100644
--- a/examples/with-schedules/versions.tf
+++ b/examples/with-schedules/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 5.53"
+ version = ">= 5.61"
}
random = {
source = "hashicorp/random"
diff --git a/main.tf b/main.tf
index a53b231..863f5b0 100644
--- a/main.tf
+++ b/main.tf
@@ -64,8 +64,9 @@ data "aws_cloudwatch_event_bus" "this" {
resource "aws_cloudwatch_event_bus" "this" {
count = var.create && var.create_bus ? 1 : 0
- name = var.bus_name
- event_source_name = try(var.event_source_name, null)
+ name = var.bus_name
+ event_source_name = var.event_source_name
+ kms_key_identifier = var.kms_key_identifier
tags = var.tags
}
@@ -781,7 +782,8 @@ resource "aws_pipes_pipe" "this" {
dynamic "log_configuration" {
for_each = try([each.value.log_configuration], [])
content {
- level = log_configuration.value.level
+ include_execution_data = try(log_configuration.value.include_execution_data, null)
+ level = log_configuration.value.level
dynamic "cloudwatch_logs_log_destination" {
for_each = try([log_configuration.value.cloudwatch_logs_log_destination], [])
diff --git a/variables.tf b/variables.tf
index dba98cf..564e818 100644
--- a/variables.tf
+++ b/variables.tf
@@ -126,6 +126,12 @@ variable "event_source_name" {
default = null
}
+variable "kms_key_identifier" {
+ description = "The identifier of the AWS KMS customer managed key for EventBridge to use, if you choose to use a customer managed key to encrypt events on this event bus. The identifier can be the key Amazon Resource Name (ARN), KeyId, key alias, or key alias ARN."
+ type = string
+ default = null
+}
+
variable "schemas_discoverer_description" {
description = "Default schemas discoverer description"
type = string
diff --git a/versions.tf b/versions.tf
index 6834333..97e87e8 100644
--- a/versions.tf
+++ b/versions.tf
@@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 5.53"
+ version = ">= 5.61"
}
}
}